---
name: expense-audit
description: "Design and execute expense audit programs including policy compliance reviews, anomaly detection, fraud investigation, and continuous monitoring frameworks. Use when conducting expense audits, detecting fraud patterns, building audit workflows, or implementing continuous monitoring. Triggers on phrases like 'expense audit', 'fraud detection', 'policy compliance', 'anomaly detection', 'expense investigation', 'continuous monitoring', 'duplicates detection', 'split receipt', 'mislaid expenses', 'audit sampling', 'expense fraud'."
---

# Expense Audit & Compliance

Design and execute comprehensive expense audit programs including policy compliance reviews, anomaly detection, fraud investigation, and continuous monitoring frameworks to protect organizational assets and ensure expense policy adherence.

## Workflow

### Phase 1: Audit Program Design

1. **Audit scope and objectives**:
   - Define audit universe (all expenses, by department, by region, by risk tier)
   - Risk assessment: identify high-risk areas (travel, entertainment, vendor payments)
   - Policy review: current expense policy vs. industry best practices
   - Regulatory requirements (SOX, GDPR data in receipts, local tax implications)
2. **Sampling methodology**:
   - Risk-based sampling (higher risk = larger sample)
   - Stratified sampling by category, amount, department
   - Statistical vs. judgmental sampling criteria
   - Full-population automated testing where feasible
3. **Audit criteria development**:
   - Compliance checklist (receipt requirements, approval hierarchy, policy limits)
   - Red flag indicators (duplicate submissions, weekend expenses, round-dollar amounts)
   - Materiality thresholds (de minimis, significant, critical)
   - Benchmark comparisons (industry averages, historical trends)

### Phase 2: Audit Execution

1. **Data collection and preparation**:
   - Extract expense data from ERP/expensing system
   - Data validation and completeness check
   - Normalization across data sources
   - Anonymization (privacy protection where required)
2. **Automated analysis**:
   - Duplicate detection (same amount, same date, same vendor)
   - Policy violation scanning (over-limit, missing receipt, unauthorized category)
   - Benford's Law analysis (statistical anomaly detection)
   - Network analysis (related-party detection, circular reimbursements)
3. **Detailed testing**:
   - Sample selection and documentation
   - Receipt verification (authenticity, completeness, policy alignment)
   - Approval workflow review (proper authorization, segregation of duties)
   - Vendor validation (legitimacy, related-party screening)
4. **Fieldwork and interviews**:
   - Employee interviews (select cases, fact-finding)
   - Manager interviews (oversight practices, awareness)
   - Finance team interviews (process understanding, controls)
   - Documentation of findings and evidence
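
A first-digit Benford's Law test of the kind named in the automated analysis step, as an added example that is not part of the original skill. The 100-record minimum and both sample populations are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Benford's Law: expected share of leading digit d is log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square critical value for 8 degrees of freedom, alpha 0.05
MIN_RECORDS = 100       # assumption: smaller populations are too noisy to test

def first_digit(amount):
    """Leading non-zero digit of an amount in dollars and cents (0.42 -> 4)."""
    return int(next(c for c in f"{abs(amount):.2f}" if c in "123456789"))

def benford_test(amounts):
    """Return (chi-square statistic, {digit: observed share minus expected share})."""
    digits = [first_digit(a) for a in amounts if abs(a) >= 0.01]
    n = len(digits)
    if n < MIN_RECORDS:
        raise ValueError("population too small for a first-digit test")
    counts = Counter(digits)
    chi2 = sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())
    excess = {d: counts[d] / n - p for d, p in BENFORD.items()}
    return chi2, excess

def is_anomalous(amounts):
    """True when the first-digit distribution departs from Benford at the 5% level."""
    return benford_test(amounts)[0] > CHI2_CRITICAL

# Constructed populations, not real data.
# ORGANIC: 900 amounts spread evenly on a log scale from $10 to $10,000.
ORGANIC = [round(10 * 10 ** (i / 300), 2) for i in range(900)]
# PADDED: the same claims plus 150 amounts parked just under a $500 approval limit.
PADDED = ORGANIC + [450.0 + (i % 50) for i in range(150)]
```

Amounts capped by per-diem or approval limits can deviate from Benford for legitimate reasons, so a high statistic is a reason to drill into the over-represented digit in `excess`, not a finding on its own.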

### Phase 3: Reporting & Remediation

1. **Findings synthesis**:
   - Issue categorization (fraud, error, policy gap, system limitation)
   - Root cause analysis (process, system, training, culture)
   - Financial impact quantification
   - Risk rating (critical, high, medium, low)
2. **Reporting**:
   - Management report (executive summary, detailed findings, recommendations)
   - Board/audit committee report (high-level overview, material findings)
   - Individual notifications (where appropriate, per HR policy)
   - Trend analysis and year-over-year comparison
3. **Remediation tracking**:
   - Action plan development (owner, deadline, expected outcome)
   - Follow-up and validation of remediation
   - Policy updates and process improvements
   - System enhancements and control automation

## Templates

### Expense Audit Program Framework

```
EXPENSE AUDIT PROGRAM — Annual Framework
==========================================
Version: [2025-01] | Audit Committee Approved

AUDIT OBJECTIVE:
  Assess the effectiveness of expense management controls, detect policy
  violations and potential fraud, and recommend improvements to reduce
  risk, improve compliance, and optimize expense management processes.

AUDIT SCOPE:
  Period under review: January 1, 2024 — December 31, 2024
  Total expenses: $24.8M across 12,400 submissions
  Coverage: All departments, all regions, all expense categories
  Exclusions: Payroll-related expenses (covered under payroll audit)

RISK ASSESSMENT:
┌─────────────────────────────────┬────────────┬──────────┬────────────────┐
│ Risk Area                       │ Likelihood │ Impact   │ Audit Effort   │
│                                 │            │          │ Allocation     │
├─────────────────────────────────┼────────────┼──────────┼────────────────┤
│ Duplicate submissions           │ Medium     │ High     │ 15%            │
│ Receipt fraud/forgery           │ Low        │ Critical │ 20%            │
│ Policy non-compliance           │ High       │ Medium   │ 25%            │
│ Related-party transactions      │ Low        │ Critical │ 15%            │
│ Travel over-limit               │ High       │ Low      │ 10%            │
│ Entertainment misclassification │ Medium     │ High     │ 10%            │
│ System control weaknesses       │ Medium     │ Medium   │ 5%             │
└─────────────────────────────────┴────────────┴──────────┴────────────────┘

SAMPLING METHODOLOGY:
  Automated testing: 100% of transactions (rule-based screening)
  Manual testing:
    • > $10,000: 100% review
    • $5,000 — $10,000: 50% sample
    • $1,000 — $5,000: 25% sample
    • $500 — $1,000: 10% sample
    • < $500: 5% sample
    • High-risk categories (travel, entertainment): +10% sample rate
    • New employees (< 6 months): +5% sample rate

  Total manual sample: ~1,240 submissions (10% of population)

AUDIT CRITERIA:
  Receipt requirements:
    ✓ All expenses > $25 require itemized receipt
    ✓ Receipt must show: vendor, date, amount, items purchased
    ✓ Digital receipts acceptable (email, e-receipt)

  Approval hierarchy:
    ✓ < $500: direct manager approval
    ✓ $500 — $5,000: skip-level approval
    ✓ > $5,000: department head + finance approval

  Policy limits:
    ✓ Meal per diem: $75/domestic, $125/international
    ✓ Lodging: $250/domestic, $350/international (tiered by city)
    ✓ Entertainment: $500/event maximum, pre-approval required
    ✓ Mileage: $0.67/mile (IRS rate)

  Timing:
    ✓ Submission within 30 days of expense date
    ✓ No retroactive approvals > 90 days

RED FLAG INDICATORS:
  1. Duplicate: same amount, same vendor, same date (or ±1 day)
  2. Split receipt: multiple small claims just under approval threshold
  3. Weekend/holiday: expense dates falling on non-business days
  4. Round dollar: amounts at exact $50, $100, $500 increments
  5. Missing receipt: claims submitted without required documentation
  6. Vendor anomaly: personal accounts (Venmo, CashApp), unusual merchants
  7. Geographic mismatch: expense location inconsistent with travel itinerary
  8. Frequency: unusual volume from single employee in short period
```
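
Red flags 1 to 4 from the list above, as screening logic run over a handful of constructed claims. This is an added example, not part of the original template; the record layout, the $400 floor for "just under" and the 3-day split window are assumptions.

```python
from collections import defaultdict
from datetime import date

APPROVAL_THRESHOLD = 500.00  # from the template: under $500 needs only manager approval
SPLIT_FLOOR = 400.00         # assumption: "just under" means within $100 of the threshold
SPLIT_WINDOW_DAYS = 3        # assumption: claims this close together count as one purchase

# Constructed sample records: (claim_id, employee, vendor, expense_date, amount)
CLAIMS = [
    ("C1", "emp-a", "Metro Cab", date(2024, 3, 4), 245.00),
    ("C2", "emp-a", "Metro Cab", date(2024, 3, 5), 245.00),      # next-day repeat of C1
    ("C3", "emp-b", "Office Depot", date(2024, 3, 11), 480.00),
    ("C4", "emp-b", "Office Depot", date(2024, 3, 12), 475.00),  # second half of a split
    ("C5", "emp-c", "Grand Hotel", date(2024, 3, 16), 500.00),   # Saturday, round amount
    ("C6", "emp-d", "Cafe Uno", date(2024, 3, 13), 37.42),       # clean
]

def close_pairs(items, max_days):
    """Id pairs of date-sorted neighbours no more than max_days apart."""
    items = sorted(items)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if (b[0] - a[0]).days <= max_days]

def find_duplicates(claims):
    """Red flag 1: same vendor and amount, dates equal or one day apart."""
    groups = defaultdict(list)
    for cid, _emp, vendor, day, amount in claims:
        groups[(vendor.lower(), round(amount * 100))].append((day, cid))
    return sorted(p for g in groups.values() for p in close_pairs(g, 1))

def find_splits(claims):
    """Red flag 2: one employee, one vendor, several claims just under the threshold."""
    groups = defaultdict(list)
    for cid, emp, vendor, day, amount in claims:
        if SPLIT_FLOOR <= amount < APPROVAL_THRESHOLD:
            groups[(emp, vendor.lower())].append((day, cid))
    return sorted(p for g in groups.values() for p in close_pairs(g, SPLIT_WINDOW_DAYS))

def screen(claims):
    """Return {claim_id: sorted flag names} for every claim that trips a rule."""
    flags = defaultdict(set)
    for label, pairs in (("duplicate", find_duplicates(claims)), ("split", find_splits(claims))):
        for cid in (c for pair in pairs for c in pair):
            flags[cid].add(label)
    for cid, _emp, _vendor, day, amount in claims:
        if day.weekday() >= 5:               # red flag 3 (holidays need a calendar, omitted)
            flags[cid].add("weekend")
        if round(amount * 100) % 5000 == 0:  # red flag 4: exact multiples of $50
            flags[cid].add("round-dollar")
    return {cid: sorted(f) for cid, f in flags.items()}
```

`find_duplicates` does not key on the employee, so the same receipt claimed by two different people is paired as well.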

### Audit Findings Report Template

```
AUDIT FINDINGS REPORT — Expense Audit Q4 2024
================================================
Report Date: 2025-01-15 | Distribution: CFO, Audit Committee, Department Heads

EXECUTIVE SUMMARY:
  Overall assessment: Controls are MODERATELY EFFECTIVE
  Total findings: 14 (2 Critical, 4 High, 5 Medium, 3 Low)
  Financial impact: $187,400 identified in questionable expenses
  Fraud indicators: 3 cases under investigation
  Compliance rate: 89.2% (target: 95%)

FINDING #1 — Duplicate Expense Submissions (HIGH)
  Risk rating: HIGH | Financial impact: $42,300
  Frequency: 37 duplicate pairs detected across 28 employees
  Root cause: System does not flag near-duplicate submissions; manual review
              process inconsistent
  Evidence: Automated scan identified 37 duplicate pairs totaling $42,300
            (examples: Employee A submitted two $245 travel claims on
            consecutive days with identical vendor)
  Recommendation:
    ✓ Implement automated duplicate detection in expensing system
    ✓ Add duplicate check to manager approval workflow
    ✓ Retroactive investigation for 2024 submissions
    ✓ Recovery action for identified duplicates (14 cases deemed
       unintentional — education; 23 cases flagged for recovery)

FINDING #2 — Receipt Fraud Indicators (CRITICAL)
  Risk rating: CRITICAL | Financial impact: $67,800 (under investigation)
  Frequency: 3 employees flagged for suspicious receipt patterns
  Root cause: Manual receipt verification insufficient; system lacks
              image authentication capabilities
  Evidence:
    • Employee X: 12 expense claims with identical receipt font/spacing
      (suggesting digital manipulation) — $28,400
    • Employee Y: 8 expense claims at non-existent vendor (name similarity
      to real vendor) — $21,600
    • Employee Z: 15 expense claims with weekend timestamps but receipt
      dates on weekdays — $17,800
  Recommendation:
    ✓ Immediate HR + internal audit investigation
    ✓ Implement receipt OCR with authenticity verification
    ✓ Vendor validation against known business database
    ✓ Recovery action pending investigation outcome

FINDING #3 — Travel Policy Non-Compliance (MEDIUM)
  Risk rating: MEDIUM | Financial impact: $54,200
  Frequency: 156 over-limit submissions (not pre-approved)
  Root cause: Unclear communication of city-tiered lodging limits;
              booking system does not enforce limits at point of booking
  Evidence: Automated policy scan identified 156 submissions exceeding
            lodging or meal per diem limits without pre-approval
  Recommendation:
    ✓ Integrate policy limits into travel booking system
    ✓ Pre-approval workflow for exceptions
    ✓ Refresher training for all employees
    ✓ Department-level compliance dashboards

FINDING #4 — Related-Party Transaction Weakness (HIGH)
  Risk rating: HIGH | Financial impact: $23,100
  Frequency: 7 claims involving vendors linked to employees
  Root cause: No automated related-party screening; disclosure process
              relies on self-reporting
  Evidence: Cross-referencing vendor bank accounts with employee
            direct deposit accounts identified 7 potential matches
  Recommendation:
    ✓ Implement automated related-party screening
    ✓ Mandatory annual conflict-of-interest disclosure
    ✓ Policy update: prohibition on personal gain from vendor selection
    ✓ Review all vendor relationships for 2024

REMEDIAL ACTIONS STATUS:
┌──────────────────────────────┬─────────────┬──────────┬─────────────┐
│ Action                       │ Owner       │ Deadline │ Status      │
├──────────────────────────────┼─────────────┼──────────┼─────────────┤
│ Duplicate detection system   │ IT/Finance  │ Feb 28   │ Planned     │
│ Receipt OCR implementation   │ IT          │ Mar 31   │ Planned     │
│ Travel policy training       │ HR          │ Jan 31   │ In Progress │
│ Related-party screening      │ Finance     │ Feb 15   │ Planned     │
│ Fraud investigation closure  │ IA/HR       │ Feb 28   │ Active      │
│ Vendor validation database   │ Procurement │ Mar 15   │ Planned     │
│ Recovery process execution   │ Finance     │ Jan 31   │ Active      │
└──────────────────────────────┴─────────────┴──────────┴─────────────┘

CONTINUOUS MONITORING RECOMMENDATIONS:
  1. Monthly automated duplicate scan (all transactions)
  2. Quarterly policy compliance review (stratified sample)
  3. Annual Benford's Law analysis (statistical anomaly detection)
  4. Real-time alerts for: > $10K submissions, weekend expenses,
     new vendor first use, related-party matches
  5. Annual audit program refresh and risk reassessment
```

## Integration Points

- **Expense management**: Concur, Expensify, Rippling, Zoho Expense
- **ERP systems**: SAP, Oracle NetSuite, Microsoft Dynamics, Workday
- **Audit management**: TeamMate, AuditBoard, WorkflowMax
- **Analytics tools**: ACL (Galvanize), IDEA, Tableau, Power BI
- **OCR platforms**: Abbyy, Veryfi, Extractable (receipt processing)
- **Fraud detection**: AI-powered anomaly detection platforms
- **eDiscovery**: Relativity, Nuix (document review for investigations)
- **HR systems**: Workday, BambooHR (employee data, disciplinary action)
- **Case management**: Jira, ServiceNow (finding tracking, remediation)
- **Communication**: Slack, email, MS Teams (alerting, reporting)

## Edge Cases

| Scenario | Handling |
|----------|----------|
| C-level executive flagged for policy violation | Handle through confidential channel; notify audit committee; avoid public reprimand |
| Evidence of systematic fraud (not isolated) | Engage legal counsel; preserve evidence; consider law enforcement referral |
| Employee denies violation during interview | Document response; escalate per HR policy; focus on evidence not testimony |
| Audit findings reveal systemic policy flaw | Recommend policy revision; separate process finding from individual violations |
| Data privacy conflict (employee data in audit) | Consult legal; anonymize where possible; limit access to audit team |
| Retaliation concern after audit | Monitor flagged employees; ensure protection per whistleblower policy |
| Audit scope expanded mid-engagement | Formal scope change documentation; reassess timeline and resources |
| Management disputes audit findings | Present evidence clearly; allow management response in report; escalate to audit committee |

## Output

### Audit Program Dashboard

```
EXPENSE AUDIT — Program Dashboard
==================================
As of: 2025-01-15

AUDIT STATUS:
  Current audit: Annual Expense Audit 2024
  Phase: Reporting & Remediation
  Completion: 85% (3 of 4 phases complete)
  Estimated close: January 28, 2025

KEY METRICS:
  Universe tested:       $24.8M | 12,400 submissions
  Sample tested:          $2.4M | 1,240 submissions (10%)
  Automated testing:     100% of population (rule-based)

COMPLIANCE OVERVIEW:
  Overall compliance rate: 89.2% [██████████████████████░░░░░░] (target: 95%) ⚠
  Receipt compliance:      94.5% [█████████████████████████░░░] ✓
  Approval compliance:     96.8% [████████████████████████████] ✓
  Policy limit compliance: 87.1% [██████████████████████░░░░░░] ⚠
  Timely submission:       91.3% [█████████████████████████░░░] ✓

FINDINGS SUMMARY:
  Critical:  2 [████] — Investigation active
  High:      4 [████████] — Remediation planned
  Medium:    5 [████████████] — Remediation in progress
  Low:       3 [█████] — Acceptable risk / monitoring

FINANCIAL EXPOSURE:
  Questionable expenses:     $187,400
  Duplicate amount:          $ 42,300 (recovery target)
  Over-limit unapproved:     $ 54,200 (training + system fix)
  Fraud under investigation: $ 67,800 (pending outcome)
  Related-party exposure:    $ 23,100 (screening + policy fix)

REMEDIATION TRACKING:
  Actions planned: 7
  In progress:     2
  Completed:       0
  Overdue:         0

CONTINUOUS MONITORING:
  Active alerts: 4
    • Real-time duplicate detection: ACTIVE
    • Over-limit notification: ACTIVE
    • Weekend expense alert: ACTIVE
    • Related-party screening: PENDING (go-live Feb 15)

  Monthly scan schedule: 1st of each month (automated)
  Last scan: 2025-01-01 → 12 near-duplicates flagged (auto-resolved)

TREND ANALYSIS (Quarterly):
┌──────────────┬──────────┬──────────┬──────────┬──────────┐
│ Metric       │ Q4 2023  │ Q1 2024  │ Q2 2024  │ Q4 2024  │
├──────────────┼──────────┼──────────┼──────────┼──────────┤
│ Compliance   │  92.1%   │  90.8%   │  89.5%   │  89.2%   │ ← ⚠ Declining
│ Avg claim $  │  $847    │  $892    │  $915    │  $923    │ ← Rising
│ Duplicates   │    18    │    22    │    31    │    37    │ ← ⚠ Increasing
│ Over-limit   │    98    │   112    │   134    │   156    │ ← ⚠ Increasing
│ Fraud flags  │     1    │     0    │     2    │     3    │ ← ⚠ Emerging
└──────────────┴──────────┴──────────┴──────────┴──────────┘

  Trend assessment: COMPLIANCE DECLINING — requires management attention
  Recommended actions: policy refresher training; system enforcement;
  enhanced monitoring
```
